WordPress Plugin Vulnerabilities

WordPress Toolbar <= 2.2.6 - Open Redirect

Description

The plugin redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Proof of Concept

https://example.com/wp-content/plugins/wordpress-toolbar/toolbar.php?wptbto=https://google.com&wptbhash=acme

Affects Plugins

Plugin icon
wordpress-toolbar
No known fix

References

CVE
CVE-2023-6389
URL
https://magos-securitas.com/txt/CVE-2023-6389.txt

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://magos-securitas.com
Verified
Yes
WPVDB ID
04dafc55-3a8d-4dd2-96da-7a8b100e5a81

Timeline

Publicly Published
2024-01-03 (about 4 months ago)
Added
2024-01-03 (about 4 months ago)
Last Updated
2024-01-03 (about 4 months ago)

Other

Published
Title
Published
2021-03-19
Title
PhastPress < 1.111 - Open Redirect
Published
2024-04-05
Title
App Builder < 3.8.8 - Open Redirection
Published
2023-11-23
Title
Landing Page Builder < 1.5.1.6 - Open Redirect
Published
2022-01-17
Title
Noptin < 1.6.5 - Open Redirect
Published
2020-03-31
Title
WordPress SEO Plugin - Rank Math < 1.0.41 - Redirect Creation via Unprotected REST API Endpoint